k8s.io/registry.k8s.io@v0.3.1/pkg/net/clientip/clientip_test.go (about) 1 /* 2 Copyright 2022 The Kubernetes Authors. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package clientip 18 19 import ( 20 "net/http" 21 "net/netip" 22 "testing" 23 ) 24 25 func TestGet(t *testing.T) { 26 testCases := []struct { 27 Name string 28 Request http.Request 29 ExpectedIP netip.Addr 30 ExpectError bool 31 }{ 32 { 33 Name: "NO X-Forwarded-For", 34 Request: http.Request{ 35 RemoteAddr: "127.0.0.1:8888", 36 }, 37 ExpectedIP: netip.MustParseAddr("127.0.0.1"), 38 }, 39 { 40 Name: "NO X-Forwarded-For, somehow bogus RemoteAddr ??? gotta pump code coverage 🤷", 41 Request: http.Request{ 42 RemoteAddr: "127.0.0.1asd;lfkj8888", 43 }, 44 ExpectError: true, 45 }, 46 { 47 Name: "X-Forwarded-For without client-supplied", 48 Request: http.Request{ 49 Header: http.Header{ 50 "X-Forwarded-For": []string{"8.8.8.8,8.8.8.9"}, 51 }, 52 RemoteAddr: "127.0.0.1:8888", 53 }, 54 ExpectedIP: netip.MustParseAddr("8.8.8.8"), 55 }, 56 { 57 Name: "X-Forwarded-For with clean client-supplied", 58 Request: http.Request{ 59 Header: http.Header{ 60 "X-Forwarded-For": []string{"127.0.0.1, 8.8.8.8, 8.8.8.9"}, 61 }, 62 RemoteAddr: "127.0.0.1:8888", 63 }, 64 ExpectedIP: netip.MustParseAddr("8.8.8.8"), 65 }, 66 { 67 Name: "X-Forwarded-For with garbage client-supplied", 68 Request: http.Request{ 69 Header: http.Header{ 70 "X-Forwarded-For": []string{"asd;lfkjaasdf;lk,,8.8.8.8,8.8.8.9"}, 71 }, 72 RemoteAddr: "127.0.0.1:8888", 73 }, 74 ExpectedIP: netip.MustParseAddr("8.8.8.8"), 75 }, 76 { 77 Name: "Bogus crafted non-cloud X-Forwarded-For with no commas", 78 Request: http.Request{ 79 Header: http.Header{ 80 "X-Forwarded-For": []string{"8.8.8.8"}, 81 }, 82 RemoteAddr: "127.0.0.1:8888", 83 }, 84 ExpectError: true, 85 }, 86 { 87 Name: "X-Forwarded-For for IPv6 with load balancer", 88 Request: http.Request{ 89 Header: http.Header{ 90 "X-Forwarded-For": []string{"2001:0db8:1234:5678:abcd:1234:5678:abcd, 2001:0db8:0:abcd::"}, 91 }, 92 RemoteAddr: "127.0.0.1:8888", 93 }, 94 ExpectedIP: netip.MustParseAddr("2001:0db8:1234:5678:abcd:1234:5678:abcd"), 95 }, 96 { 97 Name: "X-Forwarded-For for IPv6 without load balancer", 98 Request: http.Request{ 99 Header: http.Header{ 100 "X-Forwarded-For": []string{"2001:0db8:1234:5678:abcd:1234:5678:abcd"}, 101 }, 102 RemoteAddr: "127.0.0.1:8888", 103 }, 104 // We could accept this, we choose to require the load balancer 105 ExpectError: true, 106 }, 107 } 108 for i := range testCases { 109 tc := testCases[i] 110 t.Run(tc.Name, func(t *testing.T) { 111 //t.Parallel() 112 ip, err := Get(&tc.Request) 113 if err != nil { 114 if !tc.ExpectError { 115 t.Fatalf("unexpected error: %v", err) 116 } 117 } else if tc.ExpectError { 118 t.Fatal("expected error but err was nil") 119 } else if ip != tc.ExpectedIP { 120 t.Fatalf("IP does not match expected IP got: %q, expected: %q", ip, tc.ExpectedIP) 121 } 122 }) 123 } 124 }